fix FIXME: sign also over balance during account-setup

src/exchange/taler-exchange-httpd_kyc-wallet.c

@@ -164,8 +164,6 @@ TEH_handler_kyc_wallet (
                                  &reserve_sig),
     GNUNET_JSON_spec_fixed_auto ("reserve_pub",
                                  &reserve_pub),
-    // FIXME: add balance threshold crossed to the request
-    // to spec and client API!
     TALER_JSON_spec_amount ("balance",
                             TEH_currency,
                             &krc.balance),
@@ -184,10 +182,9 @@ TEH_handler_kyc_wallet (
     return MHD_YES;   /* failure */
 
   TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
-  // FIXME: add balance threshold crossed to
-  // what the wallet signs over!
   if (GNUNET_OK !=
       TALER_wallet_account_setup_verify (&reserve_pub,
+                                         &krc.balance,
                                          &reserve_sig))
   {
     GNUNET_break_op (0);

src/include/taler_crypto_lib.h

@@ -3192,11 +3192,13 @@ TALER_wallet_reserve_close_verify (
  * Sign a request by a wallet to perform a KYC check.
  *
  * @param reserve_priv key identifying the wallet/account
+ * @param balance_threshold the balance threshold the wallet is about to cross
  * @param[out] reserve_sig resulting signature
  */
 void
 TALER_wallet_account_setup_sign (
   const struct TALER_ReservePrivateKeyP *reserve_priv,
+  const struct TALER_Amount *balance_threshold,
   struct TALER_ReserveSignatureP *reserve_sig);
 
 
@@ -3204,12 +3206,14 @@ TALER_wallet_account_setup_sign (
  * Verify account setup request.
  *
  * @param reserve_pub reserve the setup request was for
+ * @param balance_threshold the balance threshold the wallet is about to cross
  * @param reserve_sig resulting signature
  * @return #GNUNET_OK if the signature is valid
  */
 enum GNUNET_GenericReturnValue
 TALER_wallet_account_setup_verify (
   const struct TALER_ReservePublicKeyP *reserve_pub,
+  const struct TALER_Amount *balance_threshold,
   const struct TALER_ReserveSignatureP *reserve_sig);
 
 

src/lib/exchange_api_kyc_wallet.c

@@ -170,6 +170,7 @@ TALER_EXCHANGE_kyc_wallet (struct TALER_EXCHANGE_Handle *exchange,
   GNUNET_CRYPTO_eddsa_key_get_public (&reserve_priv->eddsa_priv,
                                       &reserve_pub.eddsa_pub);
   TALER_wallet_account_setup_sign (reserve_priv,
+                                   balance,
                                    &reserve_sig);
   req = GNUNET_JSON_PACK (
     TALER_JSON_pack_amount ("balance",

src/util/wallet_signatures.c

@@ -604,36 +604,68 @@ TALER_wallet_withdraw_verify (
 }
 
 
+GNUNET_NETWORK_STRUCT_BEGIN
+
+
+/**
+ * @brief Format used for to generate the signature on a request to withdraw
+ * coins from a reserve.
+ */
+struct TALER_AccountSetupRequestSignaturePS
+{
+
+  /**
+   * Purpose must be #TALER_SIGNATURE_WALLET_ACCOUNT_SETUP.
+   * Used with an EdDSA signature of a `struct TALER_ReservePublicKeyP`.
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  /**
+   * Balance threshold the wallet is about to cross.
+   */
+  struct TALER_AmountNBO threshold;
+
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+
+
 void
 TALER_wallet_account_setup_sign (
   const struct TALER_ReservePrivateKeyP *reserve_priv,
+  const struct TALER_Amount *balance_threshold,
   struct TALER_ReserveSignatureP *reserve_sig)
 {
-  struct GNUNET_CRYPTO_EccSignaturePurpose purpose = {
+  struct TALER_AccountSetupRequestSignaturePS asap = {
-    .size = htonl (sizeof (purpose)),
+    .purpose.size = htonl (sizeof (asap)),
-    .purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP)
+    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP)
   };
 
-  GNUNET_assert (GNUNET_OK ==
+  TALER_amount_hton (&asap.threshold,
-                 GNUNET_CRYPTO_eddsa_sign_ (&reserve_priv->eddsa_priv,
+                     balance_threshold);
-                                            &purpose,
+  GNUNET_CRYPTO_eddsa_sign (&reserve_priv->eddsa_priv,
-                                            &reserve_sig->eddsa_signature));
+                            &asap,
+                            &reserve_sig->eddsa_signature);
 }
 
 
 enum GNUNET_GenericReturnValue
 TALER_wallet_account_setup_verify (
   const struct TALER_ReservePublicKeyP *reserve_pub,
+  const struct TALER_Amount *balance_threshold,
   const struct TALER_ReserveSignatureP *reserve_sig)
 {
-  struct GNUNET_CRYPTO_EccSignaturePurpose purpose = {
+  struct TALER_AccountSetupRequestSignaturePS asap = {
-    .size = htonl (sizeof (purpose)),
+    .purpose.size = htonl (sizeof (asap)),
-    .purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP)
+    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP)
   };
 
-  return GNUNET_CRYPTO_eddsa_verify_ (
+  TALER_amount_hton (&asap.threshold,
+                     balance_threshold);
+  return GNUNET_CRYPTO_eddsa_verify (
     TALER_SIGNATURE_WALLET_ACCOUNT_SETUP,
-    &purpose,
+    &asap,
     &reserve_sig->eddsa_signature,
     &reserve_pub->eddsa_pub);
 }
@@ -641,6 +673,7 @@ TALER_wallet_account_setup_verify (
 
 GNUNET_NETWORK_STRUCT_BEGIN
 
+
 /**
  * Response by which a wallet requests a full
  * reserve history and indicates it is willing